<?php
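// Font download endpoint: sends font/<f>.<t> from the "font" directory that
// sits next to this script, as an attachment.
//
// Query parameters (both attacker-controlled):
//   f - font base name, without extension
//   t - font type; must be one of the keys of $fontTypes below

// Every early exit below prints a message. Declare it as plain text so that
// nothing derived from the request can be interpreted as HTML by the browser.
// The header is replaced by the font MIME type once validation has passed.
header('Content-Type: text/plain; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// A parameter sent as f[]=x arrives as an array; concatenating it would yield
// the literal "Array" plus a notice, so only strings are accepted.
if(!isset($_GET["f"]) || !is_string($_GET["f"])){
	http_response_code(400);
	die("No font specified");
}
if(!isset($_GET["t"]) || !is_string($_GET["t"])){
	http_response_code(400);
	die("No type specified");
}

// Allow-list of servable types: type => (Content-Description, Content-Type).
// The original switch had the woff and otf MIME types crossed.
$fontTypes = array(
	"eot"  => array('Extended OpenType Font File', 'application/font'),
	"ttf"  => array('TTF Font File', 'application/x-font-TrueType'),
	"woff" => array('Web Font File', 'application/x-font-woff'),
	"otf"  => array('OpenType Font File', 'font/otf'),
);

// Check the type BEFORE touching the filesystem, and never echo it back:
// the request value is untrusted and must not reach the response body.
$type = $_GET["t"];
if(!isset($fontTypes[$type])){
	http_response_code(400);
	die("Invalid type");
}

$fontDir = dirname($_SERVER["SCRIPT_FILENAME"]) . "/font/" ;

$file = $_GET["f"] . "." . $type;

// Reduce the name to a single path component. Besides "/", the backslash is a
// directory separator on Windows and a NUL byte is never valid in a file name.
// With no separator left and the extension fixed by the allow-list, the
// resulting path cannot leave $fontDir.
$file = str_replace(array("/", "\\", "\0"), "" , $file);
$file = strip_tags($file);
// Control characters have no place in a file name or in a response header.
$file = preg_replace('/[\x00-\x1F\x7F]/', '', $file);

$font = $fontDir . $file;

if(!is_file($font)){
	// Do not print $font here: it would disclose the absolute server path.
	http_response_code(404);
	die("Font not found");
}

list($description, $mimeType) = $fontTypes[$type];
header('Content-Description: ' . $description);
header('Content-Type: ' . $mimeType);

$size = filesize($font);
if($size !== false){
	header('Content-Length: ' . $size);
}
// Escape the characters that would terminate the quoted filename parameter.
header('Content-Disposition: attachment; filename="' . addcslashes($file, "\"\\") . '"');
readfile($font);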